companion-clis
github.com/runpod/skills
Scanned Thu, 28 May 2026 17:51:03 GMT
Scan ID crawl-zkp8239mkd2u1lepdufebhsj · 2ms
C
SCORE 55 / 100
Verdict: Proceed with caution
11 high-severity findings.
This skill runs unsafe shell commands plus 11 other issues listed below.
0 critical11 high1 medium0 rules passed
Why grade C?
score · 55 / 100The current grade reflects 11 high-severity findings (3+ HIGHs → C).
0 CRIT11 HIGH1 MED0 LOW
To reach a higher grade
- BReach Btarget score 75
Resolve 9 of 11 HIGH (cap is 2).
- AReach Atarget score 95
Resolve all 11 HIGH.
Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.
Findings · ordered by severity
highDangerous shell pattern: curl | shellThe skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.▾
Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
32```bash
33# macOS / Linux (standalone installer — recommended)
34curl -LsSf https://hf.co/cli/install.sh | bash← curl | shell — common in destructive or supply-chain attacks
35
36# macOS (Homebrew)
highDangerous shell pattern: curl | shellThe skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.▾
Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
224```bash
225# Linux convenience script (Ubuntu/Debian)
226curl -fsSL https://get.docker.com | sh← curl | shell — common in destructive or supply-chain attacks
227sudo usermod -aG docker $USER # allow non-root usage (re-login after)
228```
highSensitive filesystem path referencedThe skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.▾
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
124```bash
125ssh-keygen -t ed25519 -C "your_email@example.com"
126# Saves to ~/.ssh/id_ed25519 (private) and ~/.ssh/id_ed25519.pub (public)← sensitive path — credential-exfiltration vector
127# Press Enter to accept the default path; set a passphrase or leave blank
128```
highSensitive filesystem path referencedThe skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.▾
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
133# macOS
134eval "$(ssh-agent -s)"
135ssh-add --apple-use-keychain ~/.ssh/id_ed25519← sensitive path — credential-exfiltration vector
136
137# macOS — also add to ~/.ssh/config so the key loads automatically on login.
highSensitive filesystem path referencedThe skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.▾
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
135ssh-add --apple-use-keychain ~/.ssh/id_ed25519
136
137# macOS — also add to ~/.ssh/config so the key loads automatically on login.← sensitive path — credential-exfiltration vector
138# Create the file if it doesn't exist, and add these lines:
139#
highSensitive filesystem path referencedThe skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.▾
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
141# AddKeysToAgent yes
142# UseKeychain yes
143# IdentityFile ~/.ssh/id_ed25519← sensitive path — credential-exfiltration vector
144
145# Linux
highSensitive filesystem path referencedThe skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.▾
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
145# Linux
146eval "$(ssh-agent -s)"
147ssh-add ~/.ssh/id_ed25519← sensitive path — credential-exfiltration vector
148
149# Windows (WSL2): use the Linux instructions above
highSensitive filesystem path referencedThe skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.▾
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
164```bash
165# GitHub — upload via gh CLI (requires auth above to be completed first)
166gh ssh-key add ~/.ssh/id_ed25519.pub --title "my-machine"← sensitive path — credential-exfiltration vector
167
168# HuggingFace — paste contents of public key manually in browser
highSensitive filesystem path referencedThe skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.▾
Sensitive filesystem path referenced
The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
167
168# HuggingFace — paste contents of public key manually in browser
169cat ~/.ssh/id_ed25519.pub # copy this output← sensitive path — credential-exfiltration vector
170# Then add at https://huggingface.co/settings/keys
171```
highSensitive filesystem path referencedThe skill references a path (`~\/\.docker\/config\.json`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.▾
Sensitive filesystem path referenced
The skill references a path (`~\/\.docker\/config\.json`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
241```
242
243Credentials are saved to `~/.docker/config.json` after a successful login.← sensitive path — credential-exfiltration vector
244
245### Tagging
highSensitive filesystem path referencedThe skill references a path (`~\/\.aws\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.▾
Sensitive filesystem path referenced
The skill references a path (`~\/\.aws\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
329
330```bash
331# Option 1: interactive configure (writes ~/.aws/credentials and ~/.aws/config)← sensitive path — credential-exfiltration vector
332# When prompted: enter user ID as access key, S3 API key as secret.
333# Press Enter to skip region and output format — region is always passed per-command, not stored in config.
medNo capability manifest declaredThe skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.rule: no-manifest▾
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule:
no-manifestskillox.io/r/crawl-zkp8239mkd2u1lepdufebhsj